* Jeffrey Walton: > Does anyone know where to find an augmented CVE database with: (1) > programming language and (2) failure classification?
Red Hat's Bugzilla has CWE tagging for many CVEs, in the "Whiteboard" field. Mapping the affected packages to programming languages is some work, though. You could map the CVEs to Debian packages through the Debian Security Tracker, and use the implemented-in tags provided by Debian. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
